AppSecInc Delivers First-to-Market Database Vulnerability Management Capabilities for Large Enterprises

SAN FRANCISCO (Oracle OpenWorld; Booth #145, Partner Pavilion) — September 19, 2005 — Application Security, Inc. (AppSecInc) today announced groundbreaking capabilities for its industry-leading database vulnerability assessment scanner, AppDetective(tm). New distributed management and granular security change auditing capabilities extend AppDetective’s unmatched ability to serve the needs of large, distributed enterprises.

With nearly 50 high-visibility security incidents affecting more than 50 million pieces of sensitive information, 2005 is already the worst year in history for database hacks. The first-to-market features announced today are vital — helping organizations during a time of unprecedented attacks on corporate databases.

AppDetective customers now benefit from:

** More Granular Security Assessment: the precise location of database changes — even those performed by insiders — can be centrally tracked and logged, and can trigger alerts identifying potential precursors of security breaches.

** More Efficient and Detailed Vulnerability Management: patch levels of all databases can be centrally managed, assessed and baselined (particularly helpful during the patching process) in order to identify possible adverse effects.

** More Granular, Demonstrable Compliance: database integrity is assured through validation of planned changes, and the tracking and reporting of unintended or unauthorized changes.

The average enterprise can have anywhere from hundreds to thousands of databases deployed, a number increasingly harder to pin down with open source databases enabling virtually anyone to create and deploy strategic applications. This proliferation of data sources, combined with a sharp increase in vulnerabilities and associated patches, and the recognition by attackers that databases are rich and historically under-protected targets, have made databases the focal point of enterprise security.

“Ensuring the integrity of the database is critical for uninterrupted business operations,” said Murray Goldschmidt, Co-Founder of Sense of Security. “Without solutions specifically designed to secure data at the source, enterprises are vulnerable to external and internal attacks that can abruptly halt business operations, compromise confidential information and severely damage corporate assets. Traditional security offerings, built for and deployed at the network and operating system levels, are no longer enough in defending against dynamic threats to the application. Solutions like AppDetective are a critical component of today’s changing security architecture.”

“Today’s distributed and open access to information — both internal and external to enterprises — fosters much richer collaboration between customers, partners and employees, but at a cost,” said Jon Oltsik, Senior Analyst with the Enterprise Strategy Group. “Data sources that were once insular and shielded within an enterprise are now exposed — and criminals have not only taken notice, but they are taking advantage. AppSecInc provides a comprehensive approach not only to providing tighter security, but also to easing the complexity of managing that security.”

Enterprise-Class Protection to Combat Today’s Threats

The AppDetective Distributed System comprises two main components: the Distribution Manager and the Remote Engines. The Distribution Manager sits on a central server and provides the ability to distribute individual database-specific tasks like policy updates, discovery, penetration tests and audits, for execution by Remote Engines. The Remote Engines can be deployed locally across discrete business units or geographies to maximize performance. Scan results are sent back to the Distribution Manager and aggregated in a central database, allowing for standardized and centralized reporting and analysis. The result is more efficient, repeatable compliance verification and audit reporting.

AppDetective’s Security Change Auditing tracks and analyzes all database modifications, whether administrative changes in roles/privileges or changes resulting from the application of patches. The Security Change Auditing system first intelligently discovers all database objects, creating a baseline. Subsequent scans compare the current state against this baseline, flagging changes to objects, settings and values, and highlighting the specific differences. By reviewing these results, enterprises can “police” subtle changes, even those implemented by insiders, to determine if the changes should be approved or examined further to determine any necessary corrective action.

Bolstering the Industry’s Most Comprehensive Vulnerability Management Solution

AppDetective provides the foundation for the industry’s most complete application-level security solution. A counterpart for AppSecInc’s AppRadar(tm), it complements intrusion detection capabilities by helping to pinpoint and verify the exact location and nature of a database compromise. Additionally, AppRadar’s database auditing functionality is enhanced through the documentation of database changes. AppDetective also integrates seamlessly with AppSecInc’s DbEncrypt(tm), ensuring production database integrity for organizations that use it to secure critical column-level information.

“With attackers, auditors and regulators all focusing on databases, database security has become a top enterprise concern,” said AppSecInc Vice President of Strategy Ted Julian. “Effective database security is a lifecycle process of discovery, prioritization, protection and monitoring. Vulnerability assessment is crucial to the first two steps and AppDetective makes the process not only easier to distribute across the largest enterprises, but also more granular — including the ability to track discrete database objects like users or stored procedures.”

Pricing and Availability

The new AppDetective 5.2 will be showcased this week at Oracle OpenWorld in San Francisco (Booth #145, Partner Pavilion). Members of the media and market research communities interested in meeting with AppSecInc executives at the conference are invited to contact Rebecca Knowles at AppSecInc (781-276-4508) or Juli Greenwood at CHEN PR (781-672-3137).

About Application Security, Inc. (AppSecInc)

AppSecInc is the leading provider of application security solutions for the enterprise. AppSecInc’s products, the industry’s only complete vulnerability management solution for the application tier, proactively secure enterprise applications at more than 350 organizations around the world. By securing data at its source, we enable organizations to more confidently extend their business with customers, partners and suppliers while meeting regulatory compliance requirements. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimize risk and eliminate its impact on business. Please contact us at 1-866-927-7732 to learn more, or visit us on the web at
